Profiling and Detecting Malicious DNS Traffic
Aug. 21, 2024, 1:29 p.m.
Description
To improve our detection of suspicious network activity, we developed a deep learning method to profile and detect malicious DNS traffic patterns. Based on these DNS profiles, we implemented multiple detection modules designed to identify suspicious domains from different perspectives. We explored how these DNS traffic patterns correlate with specific types of cyberattacks through various case studies. Our detector captured 170 emerging suspicious domains in May 2024, blocking approximately 374,000 malicious DNS requests every day.
Date
Published: Aug. 21, 2024, 1:07 p.m.
Created: Aug. 21, 2024, 1:07 p.m.
Modified: Aug. 21, 2024, 1:29 p.m.
Indicators
carollewis.network
pococo.cc
robotatten.com
comcadt.net
biillpi.com
Attack Patterns
T1206
T1610
T1081
T1048
T1556
T1008
T1608
T1137
T1583
T1572
T1087
T1573
T1489
T1083
T1210
T1053